From: OryNider <ory...@us...> - 2008-01-18 10:28:41
Update of /cvsroot/mxbb/core/install
In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv16080/install
Modified Files:
mx_install.php
Log Message:
mx_message_die() upgrade plus an @ in funtions_install
Index: mx_install.php
===================================================================
RCS file: /cvsroot/mxbb/core/install/mx_install.php,v
retrieving revision 1.81
retrieving revision 1.82
diff -C2 -d -r1.81 -r1.82
*** mx_install.php 13 Sep 2007 09:12:38 -0000 1.81
--- mx_install.php 18 Jan 2008 10:28:37 -0000 1.82
***************
*** 215,218 ****
--- 215,311 ----
  }
  }
+
+ /*
+ * Remove variables created by register_globals from the global scope
+ * Thanks to Matt Kavanagh
+ */
+ function deregister_globals()
+ {
+ $not_unset = array(
+ 'GLOBALS' => true,
+ '_GET' => true,
+ '_POST' => true,
+ '_COOKIE' => true,
+ '_REQUEST' => true,
+ '_SERVER' => true,
+ '_SESSION' => true,
+ '_ENV' => true,
+ '_FILES' => true,
+ 'phpEx' => true,
+ 'phpbb_root_path' => true
+ );
+
+ // Not only will array_merge and array_keys give a warning if
+ // a parameter is not an array, array_merge will actually fail.
+ // So we check if _SESSION has been initialised.
+ if (!isset($_SESSION) || !is_array($_SESSION))
+ {
+ $_SESSION = array();
+ }
+
+ // Merge all into one extremely huge array; unset this later
+ $input = array_merge(
+ array_keys($_GET),
+ array_keys($_POST),
+ array_keys($_COOKIE),
+ array_keys($_SERVER),
+ array_keys($_SESSION),
+ array_keys($_ENV),
+ array_keys($_FILES)
+ );
+
+ foreach ($input as $varname)
+ {
+ if (isset($not_unset[$varname]))
+ {
+ // Hacking attempt. No point in continuing unless it's a COOKIE
+ if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+ {
+ exit;
+ }
+ else
+ {
+ $cookie = &$_COOKIE;
+ while (isset($cookie['GLOBALS']))
+ {
+ foreach ($cookie['GLOBALS'] as $registered_var => $value)
+ {
+ if (!isset($not_unset[$registered_var]))
+ {
+ unset($GLOBALS[$registered_var]);
+ }
+ }
+ $cookie = &$cookie['GLOBALS'];
+ }
+ }
+ }
+
+ unset($GLOBALS[$varname]);
+ }
+
+ unset($input);
+ }
+
+ // If we are on PHP >= 6.0.0 we do not need some code
+ if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
+ {
+ /**
+ * @ignore
+ */
+ define('STRIP', false);
+ }
+ else
+ {
+ set_magic_quotes_runtime(0);
+
+ // Be paranoid with passed vars
+ if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
+ {
+ deregister_globals();
+ }
+
+ define('STRIP', (get_magic_quotes_gpc()) ? true : false);
+ }
+
  //
  // End Of Global Vars Initialization
***************
*** 344,348 ****
  if( install_language_select($lang_options, $language, 'language') > 1 )
  {
! include($mx_root_path . "install/language/lang_$language/lang_admin.$phpEx");
  $s_hidden_fields = '';
--- 437,448 ----
  if( install_language_select($lang_options, $language, 'language') > 1 )
  {
! if( @file_exists($mx_root_path . "install/language/lang_$language/lang_admin.$phpEx") )
! {
! include($mx_root_path . "install/language/lang_$language/lang_admin.$phpEx");
! }
! else
! {
! include($mx_root_path . "install/language/lang_english/lang_admin.$phpEx");
! }
  $s_hidden_fields = '';
|
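Review bot: `$not_unset` in `deregister_globals()` protects `phpEx` and `phpbb_root_path`, but this installer builds its include paths from `$mx_root_path` (visible in the second hunk), which is not on the list. Judging by the trailing context line `// End Of Global Vars Initialization`, the call appears to run after the installer's own globals have been assigned, so with register_globals on, a request key named after any unlisted global reaches `unset($GLOBALS[$varname])` and removes the script's value. Either add the installer's globals to the list, e.g. `'mx_root_path' => true,`, or move the `deregister_globals()` call ahead of the initialisation so that nothing of the script's own exists yet. In the calling condition, `!function_exists('ini_get')` should come first, because as written both `@ini_get()` calls are evaluated before it.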
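Review bot: The new `file_exists()` guard only confirms that the computed path exists; it does not confine `$language` to a language-pack name before the value is interpolated into the `include` path. Where `$language` is populated is outside this hunk, but if it can come from the request it should be validated first against the names offered in `$lang_options` or a strict pattern, e.g. `if (!preg_match('/^[a-z_]+$/', $language)) { $language = 'english'; }`. Building the path once into a variable and reusing it for the check and the include would also remove the duplicated string, and the `@` on `file_exists()` is not needed. The enclosing `if` block continues past the end of the hunk.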